Types of Targeted Email Attacks
A Targeted Email Attack, unlike typical spam emails, is an email attack aimed at specific individuals or organizations.
External attacks such as malware and social engineering attacks
Attacks that can result in internal information leaks and other damages to the outside.
Security Technology Procedures for Targeted Email Attacks
Targeted Inbound Email Attacks
Zero-day Malware
Since the zero-day malware is not registered in the big data database, attacker uses new unknown malware that is difficult to detect in antivirus tests. For example, the vulnerability of zero-day is exploited to insert an attachment containing new malware that the security solution cannot detect, and send an email that induces users to click. Zero-day malwares may access memory on a victim’s computer system to damage or delete files and programs.
Malware in Attachment
Malicious email attachment is one type of threat that attackers conceal malware inside of commonly emailed files. The attachments within these malicious emails can be disguised as documents, executable files, or even image and video files. These also can be encrypted files with other extensions. Attacks using executable files include falsifying the sender’s address to trick the recipient into opening emails with malicious documents. Attacks inserting malicious code into image and attaching it to the body of the email can be made.
Malware in URL
Malicious URL attack is an attack by inserting a clickable link containing malware in emails for the purpose of inducing users to malicious websites. Also, the malicious URLs could be contained in a large attachment and/or in the body of the email. An attack that causes malware to be executed when a user clicks on a URL into an email or regular attachment, and not only at the time of delivery.
Forged Header
Forged header is a type of social engineering attack in which scammers dodge detection by forging account information on the header. attackers use forgery of email header to bypass the destination of emails when a user sends a reply. Through the forged header attack, attackers are able to intercept emails from normal users which may contain company’s credential information and personal information.
Look-alike Domain
Look-alike domain is a type of social engineering attack where attackers send a malicious email from an email address which is remarkably similar for the human eye to differentiate to a normal sender. For example, capital ‘I’ and lower case ‘l’ letters are similar in appearance so that they can be abused as an attack.
Account Take-over (ATO)
Account take-over (ATO) is a social engineering attack that uses a real user’s account. After attempting to log in to the stolen email account to browse the email history of the user, to find the confidential information and potential secondary victims. For example, with the account information that the attacker stole from the phishing site, send an email asking for remittance account changes or deliver the confidential information stored in the account to external.
Do you have an Email Security System in place to Defend Against Targeted Email Attacks?
Targeted Outbound Email Attacks
Intentional Information Leakage
Intentional information leakage is a method in which employees purposely leak corporate confidential information and/or employees’ personal information to external parties through business or personal email due to the absence of in-house security policies.
Unintentional Information Leakage
Unintentional information leakage can be caused by carelessness or negligence of internal employees. When account users using the internal network isolation send emails with a large attachment in the isolated internal network to an external party, if the attached files contain the company’s crucial information or other employees’ personal information by mistake, it can cause serious information leakage issues.
Attacks Using Account Take-Over
The method of outbound email attacks generally begins after a user’s account is stolen. Attackers randomly send follow-up emails exploiting the personal information of others in the user’s inbound and outbound emails through the stolen account. Accounts related to attacked users will potentially be secondary victims and later reused in phishing attacks.
Unauthorized Email Server Access
Unauthorized email server access is a method of outbound email attack where an attacker takes over an email server to gain control of it. The attacker may gain unauthorized access to the user’s company email account with the stolen account credentials. For example, once an email server is compromised, the attacker could retrieve users’ passwords, which may grant the attacker access to other hosts on the organization’s network.
Do you have an Email Security System in place to Protect Emails from Internal Threats?
Products for Countering Targeted Email Attacks
Advanced Targeted Email Attacks: APT, BEC
In-Depth Malicious Behavior Analysis in Virtual Area
Comprehensive Response Across
All Areas of Inbound and Outbound,
Not Segregated in Security
Comprehensive International Email Security Standards-Based
Response for Both Inbound and Outbound Areas
